Cryptology ePrint Archive: Report 2016/1007
A survey of attacks on Ethereum smart contracts
Nicola Atzei and Massimo Bartoletti and Tiziana Cimoli
Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering with the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Category / Keywords: applications / smart contracts, blockchain, cryptocurrencies
Date: received 24 Oct 2016, last revised 14 Dec 2016
Contact author: bart at unica it
Note: Updated attacks to version 0.4.2 of the Solidity compiler.
Version: 20161214:111636
Short URL: ia.cr/2016/1007